ID-01: User MFA Registration
Frequently asked questions about implementing and managing the ID-01 security control in Microsoft 365 and Entra ID.
QWhat is ID-01 (User MFA Registration)?▼
ID-01 is a security control that mfa blocks over 99.9% of account compromise attacks. even with a ca policy requiring mfa, users must actually register mfa methods to be protected. low registration means users are vulnerable. It requires that 95% or more of users have mfa methods registered and users have registered microsoft authenticator, security keys, or phone, break-glass accounts are excluded from this metric.
QWhy is User MFA Registration important for Microsoft 365 security?▼
MFA blocks over 99.9% of account compromise attacks. Even with a CA policy requiring MFA, users must actually register MFA methods to be protected. Low registration means users are vulnerable.
QHow do I implement ID-01 in my tenant?▼
ID-01 requires manual implementation. Users must register MFA methods themselves. Use Entra ID MFA registration campaign to prompt users.
QWhat license do I need for ID-01?▼
This control can be implemented with any Microsoft 365 subscription, including free Azure AD.
QWhich security baseline includes ID-01?▼
ID-01 is included in the TrueConfig Recommended Secure baseline (Level 1). This is the foundation level suitable for most organizations.
QWhy is ID-01 marked as critical severity?▼
ID-01 is rated critical because failure to implement this control significantly increases the risk of security incidents. MFA blocks over 99.9% of account compromise attacks. Even with a CA policy requiring MFA, users must actually register MFA methods to be protected. Low registration means users are vulnerable.
6
Questions
1
Related Controls
—
Categorized
Related Resources
Still have questions?
Our security experts are here to help. Start a free trial and get personalized guidance for your Microsoft 365 environment.
Start Free Trial